216.73.217.24

CVE-2026-21724

· Published 26/03/2026 21:17 · Modified 27/03/2026 15:16

Labels: CVE-2026-21724 2026-03-26CVE-2026-21724CWE-285[email protected]

Essential information

Published
26/03/2026 21:17
Modified
27/03/2026 15:16
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
grafana / grafana oss cpe:2.3:a:grafana:grafana_oss:*:*:*:*:*:*:*:*

References